Conventional content management software uses public keys to protect content and private keys to access protected content. Even though the private keys are stored in an encrypted form on computing devices running the content management software, malicious individuals may obtain a private key on a device and gain access to the content. In response to this security breach, conventional approaches update the public and private keys on devices so that new content remains protected. This update is performed using a key server. While this update is generally secure, data (though encrypted) may be accessed and analyzed by malicious individuals as it travels over networks connecting a device to the key server. Furthermore, this update method requires a key server and uses network bandwidth.